AZ-500 · Question #240
AZ-500 Question #240: Real Exam Question with Answer & Explanation
The correct answer is D: Grant Database1 access to Azure AD. To allow users to authenticate to an Azure SQL Managed Instance (Database1) using their existing Azure AD credentials, the instance must be configured to use Azure Active Directory for authentication.
Question
You work for an organization as an Azure administrator. There is one subscription having all Azure resources and all of them are in a single region. The organization has an Active Directory (AD) domain that is synchronized from on-premises using Azure AD Connect. Active Directory Federation Services (ADFS) is used for Single Sign-On (SSO). A managed SQL instance named Database1 is deployed to Azure with a single-user database. The users have to be authenticated when they connect, for which you use SQL Server authentication. A concern put front by the users says they are required to remember a separate username and password when if they want Excel to be connected to the managed SQL instance. As a solution, you decide to configure the Azure SQL Database so users can login without having to enter a username and password. Can you identify from the options below, which two actions should you perform?
Options
- AConfigure an Azure AD administrator for Database1
- BDeploy an on-premises data gateway in the on-premises network
- CConnect to Database1 via SQL Server Management Studio (SSMS) and enable Windows
- DGrant Database1 access to Azure AD
Explanation
To allow users to authenticate to an Azure SQL Managed Instance (Database1) using their existing Azure AD credentials, the instance must be configured to use Azure Active Directory for authentication.
Common mistakes.
- A. Configuring an Azure AD administrator is a specific step to enable AAD authentication, but 'Grant Database1 access to Azure AD' is a broader statement encompassing the full integration required for AAD authentication.
- B. An on-premises data gateway is used for connecting cloud services to on-premises data sources, not for configuring user authentication directly on an Azure SQL Managed Instance.
- C. Enabling 'Windows authentication' directly on an Azure SQL Managed Instance is not how Azure AD authentication is configured; Azure SQL uses Azure AD identities for cloud-native authentication.
Concept tested. Azure SQL Database Azure AD authentication
Reference. https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview
Community Discussion
No community discussion yet for this question.